X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fsimilar.mdwn;h=ae3f728a610fc9302f6bdbf2e6619ec28ed2ce7d;hb=a38d8f8ad0a5531f3b1c28cc7bc248c965d0f8ad;hp=1a33b062430ff2caa46f9035a4a619554a29410b;hpb=7d9b281e67d75163d491e303d4693a00667b7f91;p=monkeysphere.git

diff --git a/website/similar.mdwn b/website/similar.mdwn
index 1a33b06..ae3f728 100644
--- a/website/similar.mdwn
+++ b/website/similar.mdwn
@@ -71,7 +71,8 @@ Some concerns with the Perspectives OpenSSH client:
 
  * This client won't help if you are connecting to machines behind
    firewalls, on NAT'ed LANs, with source IP filtering, or otherwise
-   in a restricted network state.
+   in a restricted network state, because the notaries won't be able
+   to reach it.
 
  * There is still a question of why you should trust these particular
    notaries during your verification.  Who are the notaries?  How
@@ -85,6 +86,17 @@ Some concerns with the Perspectives OpenSSH client:
  * It doesn't provide any mechanism for key rotation or revocation:
    Perspectives won't help you if you need to re-key your machine.
 
+ * The most common threat which Perspectives protects against (a
+   narrow MITM attack, e.g. the attacker controls your gateway) often
+   coincides with the ability of the attacker to filter arbitrary
+   traffic to your node.  But in this case, the attacker could filter
+   out your traffic to the notaries (or the responses from the
+   notaries).  Such filtering (rejecting unknown UDP traffic, as
+   Perspectives appears to use UDP port 15217) is unfortunately
+   common, particuarly on public networks, even when the gateway is
+   not malicious.  This reduces the utility of the Perspectives
+   approach.
+
 ## OpenSSH with X.509v3 certificates ##
 
 Roumen Petrov [maintains a patch to OpenSSH that works with the X.509